diff options
| author | Jeremy Sowden <jeremy@azazel.net> | 2024-11-19 00:18:28 +0100 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2024-12-04 15:35:55 +0100 |
| commit | 54bfc38c522babe709e951f1fd128ff725b36704 (patch) | |
| tree | 4432fccc08834428082c176fab42cbb3e880e819 /tests/py/any/ct.t.payload | |
| parent | bc0311378285d41850e3508df905d75959ba4239 (diff) | |
src: allow binop expressions with variable right-hand operands
Hitherto, the kernel has required constant values for the `xor` and
`mask` attributes of boolean bitwise expressions. This has meant that
the right-hand operand of a boolean binop must be constant. Now the
kernel has support for AND, OR and XOR operations with right-hand
operands passed via registers, we can relax this restriction. Allow
non-constant right-hand operands if the left-hand operand is not
constant, e.g.:
ct mark & 0xffff0000 | meta mark & 0xffff
The kernel now supports performing AND, OR and XOR operations directly,
on one register and an immediate value or on two registers, so we need
to be able to generate and parse bitwise boolean expressions of this
form.
If a boolean operation has a constant RHS, we continue to send a
mask-and-xor expression to the kernel.
Add tests for {ct,meta} mark with variable RHS operands.
JSON support is also included.
This requires Linux kernel >= 6.13-rc.
[ Originally posted as patch 1/8 and 6/8 which has been collapsed and
simplified to focus on initial {ct,meta} mark support. Tests have
been extracted from 8/8 including a tests/py fix to payload output
due to incorrect output in original patchset. JSON support has been
extracted from patch 7/8 --pablo]
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'tests/py/any/ct.t.payload')
| -rw-r--r-- | tests/py/any/ct.t.payload | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/tests/py/any/ct.t.payload b/tests/py/any/ct.t.payload index ed868e53..14385cf7 100644 --- a/tests/py/any/ct.t.payload +++ b/tests/py/any/ct.t.payload @@ -336,6 +336,15 @@ ip test-ip4 output [ lookup reg 1 set __map%d dreg 1 ] [ ct set mark with reg 1 ] +# ct mark set ct mark and 0xffff0000 or meta mark and 0xffff +ip + [ ct load mark => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0xffff0000 ) ^ 0x00000000 ] + [ meta load mark => reg 2 ] + [ bitwise reg 2 = ( reg 2 & 0x0000ffff ) ^ 0x00000000 ] + [ bitwise reg 1 = ( reg 1 | reg 2 ) ] + [ ct set mark with reg 1 ] + # ct original bytes > 100000 ip test-ip4 output [ ct load bytes => reg 1 , dir original ] @@ -497,6 +506,12 @@ ip test-ip4 output [ bitwise reg 1 = ( reg 1 & 0xfffffffe ) ^ 0x00000001 ] [ ct set mark with reg 1 ] +# ct mark set 0x00000001 or ct mark +ip test-ip4 output + [ ct load mark => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0xfffffffe ) ^ 0x00000001 ] + [ ct set mark with reg 1 ] + # ct id 12345 ip test-ip4 output [ ct load unknown => reg 1 ] |